<?php
/**
 * 安全登录
 */
define ( 'IN_templates', "admin" );
include (dirname(__FILE__)."/../includes/init.php");//全局变量

/**
 * 页面动作
 */
$action=empty($_REQUEST['action'])?"":$_REQUEST['action'];

switch($action){
	case "login":

		$login_user=!empty($_POST['user'])?$fun->checkInput(trim($_POST['user'])):"";
		$login_pwd=md5((!empty($_POST['pwd'])?trim($_POST['pwd']):"").$pwdconstant);
		$login_icode=!empty($_POST['nzm'])?$_POST['nzm']:"";

		if(($login_user== "")||($_POST['pwd'] == "")||($login_icode == "")){
			$fun->msg("请您认真填写登录信息","index.php",2);
		}else{

			if($login_icode <> @$_SESSION['i_code']){

				$fun->msg("验证码错误","index.php",2);

			}else{

				$justice=$db->get_one("SELECT `adminid`, `username`,`realname`, `login_num`,`lastlogintime`,`logintime`,`permission`,`regtime`
										FROM `".$tbprefix."admin`
										WHERE `username`='".$login_user."'
										AND `password`='".$login_pwd."'
										AND `state`='1' AND `is_valid`='1'
										AND 1");

				if($justice){
					/**
					 * 建立会话变量,储存登录管理员id
					 */
					@$_SESSION['user_id']=$fun->authcode($justice['adminid'],'ENCODE', $pwdconstant,$expiry=$lifeTime);
					/**
					 * 成功登录，更新登录时间与登录次数
					 */
					$dataArray['`logintime`']=$m_now_time;				 		//登录时间
					$dataArray['`lastlogintime`']=$justice['logintime'];		//最后登录时间
					$dataArray['`login_num`']=$justice['login_num']+1; 		 	//登录次数
					$dataArray['`modify_ip`']=$fun->get_web_ip(); 		 		//登录IP

					$db->update("`".$tbprefix."admin`",$dataArray,$condition="adminid='".$justice['adminid']."' AND 1");

					$fun->msg("欢迎 ".$login_user." 进入".$cfg['sysNames'],"main.php",3,$title="登录提示");

				}else{

					$fun->msg("用户名或者密码错误","index.php",2);
					$db->close();
				}
			}
		}
		break;
		//退出登录
	case "exit":

		unset($_SESSION['user_id']);	//清除登录的用户id
		unset($_SESSION['act_url']); 	//清除超链接
		unset($_SESSION['i_code']);		//清除验证码

		$fun->msg("您已经成功退出系统","index.php",2,$title="退出提示");
		break;

	default:
		break;
}

//判断是否登录  登录直接进入系统页面
$input_adminid=trim(isset($_SESSION['user_id'])?$fun->authcode($_SESSION['user_id'], 'DECODE', $pwdconstant,$expiry =$lifeTime):"");
if(!empty($input_adminid)){
	$fun->msg("您已经登录系统,正在为您跳转中...","main.php",1,$title="登录提示");
}

$smarty->assign("title",$cfg['edition']." ".$cfg['sysNames']);		//系统名称

$smarty->display("index.tpl");
?>